Allele Security Alert
ASA-2019-00533
Identifier(s)
ASA-2019-00533, CVE-2019-15902
Title
Backporting error in the ptrace_get_debugreg() function reintroduces Spectre vulnerability
Vendor(s)
Linux Foundation
Product(s)
Linux kernel
Affected version(s)
Linux kernel stable/longterm versions 4.4.186 through 4.4.190
Linux kernel stable/longterm versions 4.9.186 through 4.9.190
Linux kernel stable/longterm versions 4.14.134 through 4.14.141
Linux kernel stable/longterm versions 4.19.59 through 4.19.69
Linux kernel stable/longterm versions 5.2.1 through 5.2.11
Fixed version(s)
Linux kernel stable/longterm version 4.4.191
Linux kernel stable/longterm version 4.9.191
Linux kernel stable/longterm version 4.14.142
Linux kernel stable/longterm version 4.19.71
Linux kernel stable/longterm version 5.2.13
Proof of concept
Yes
Description
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream commit “x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()” reintroduced the Spectre vulnerability that it was intended to eliminate.
Technical details
Unknown
Credits
Brad Spengler (Grsecurity)
Reference(s)
Teardown of a Failed Linux LTS Spectre Fix
https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php
x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31a2fbb390fee4231281b939e1979e810f945415
Re: [GIT pull] x86/pti for 5.3-rc1
https://lkml.org/lkml/2019/7/8/1104
Patch “x86/ptrace: fix up botched merge of spectrev1 fix” has been added to the 5.2-stable tree
https://www.spinics.net/lists/stable-commits/msg129020.html
Patch “x86/ptrace: fix up botched merge of spectrev1 fix” has been added to the 4.19-stable tree
https://www.spinics.net/lists/stable-commits/msg129019.html
Patch “x86/ptrace: fix up botched merge of spectrev1 fix” has been added to the 4.14-stable tree
https://www.spinics.net/lists/stable-commits/msg129018.html
Patch “x86/ptrace: fix up botched merge of spectrev1 fix” has been added to the 4.9-stable tree
https://www.spinics.net/lists/stable-commits/msg129017.html
Patch “x86/ptrace: fix up botched merge of spectrev1 fix” has been added to the 4.4-stable tree
https://www.spinics.net/lists/stable-commits/msg129016.html
https://security-tracker.debian.org/tracker/CVE-2019-15902
CVE-2019-15902 | SUSE
https://www.suse.com/security/cve/CVE-2019-15902
CVE-2019-15902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15902
CVE-2019-15902
https://nvd.nist.gov/vuln/detail/CVE-2019-15902
If you found an error in this alert or would like a comprehensive analysis, please get in touch.
Last modified: 9 September 2019